Hardfork bit wipeout protection #46
Conversation
src/primitives/block.h
Outdated
| @@ -10,6 +10,8 @@ | |||
| #include "serialize.h" | |||
| #include "uint256.h" | |||
|
|
|||
| static const int HARDFORK_VERSION_BIT = 0x80000000; | |||
There was a problem hiding this comment.
It needs to be uint32_t (and CBlock::nVersion as well)
| if (BIP102active(nHeight, fSegwitSeasoned)) { | ||
| if (block.nVersion & HARDFORK_VERSION_BIT) | ||
| return true; | ||
| return state.Invalid(false, REJECT_OBSOLETE, strprintf("bad-version(0x%08x)", block.nVersion), |
There was a problem hiding this comment.
The reject reason should be a fixed string.
There was a problem hiding this comment.
Seems like it would be a good idea to know the block version that was rejected for debugging purposes.
There was a problem hiding this comment.
The next argument is the debug string.
There was a problem hiding this comment.
I copied that from here, guess that should be changed as well?
jameshilliard
force-pushed
the
segwit2x-wipeout-protection
branch
2 times, most recently
from
517a48a
to
2a6dfc9
Compare
jameshilliard
force-pushed
the
segwit2x-wipeout-protection
branch
from
2a6dfc9
to
80e074d
Compare
|
This PR appears to reduce compatibility with wallet software in the field which could otherwise continue functioning just fine. Several Wallet softwares were previously tested, and are being re-tested, with a block size increase. I'm not aware of any testing a high bit block version change. Probably NAK, but will await further comments and responses and corrections. |
|
@jgarzik The main issue is that SPV wallet developers need a reliable way to determine which chain they are on, this PR makes it trivial for them to determine since the block version is in the header while using a mandatory large block would be much more difficult since they would not normally have enough information to reliably determine the chain they are on. |
|
Isn't following the chain with the most PoW not enough? |
No, that's the reason for wipeout protection as that is something that can change, it ensures that you don't get unexpected reorgs. |
|
But what's the point in following a minority chain if most of the miners defect? The S2X comes to fruition because the hypothesis is that it's backed by 80%+ of hash rate. |
Markets will determine which is more profitable to mine. |
|
That's my point. |
But miners may take time to react to markets so there's a good chance there will be a need for SPV wallets to be able to follow a minority chain at least temporarially, it's also possible there will be 2 viable chains like ETH and ETC. The issue with SPV wallets like bitcoinj and hard fork validation has been pointed out by bitsquare:
Using the hard fork bit means SPV wallets aren't left behind here and have the same decision capability as full nodes. It also means they aren't at risk of reorg. |
|
@jameshilliard Avoiding chain split by reorg is one advantage. You advocated it as an advantage when you promoted the fake UASF like crazy. Its written into Bitcoin Paper that by definition shall nodes follow the longest chain. Its anti-Bitcoin if you try to encourage chain split by supporting orphaned short chain against 90% hashrate. After all, you can fork anytime and do anything to wipe-protect your new altcoin, and take the risk yourself. No one stops you. But don't expect the Bitcoin community to take the risk for your altcoin. We don't have such obligations. Sorry. Anyway, this project is to make sure the success of SegWit2X, especially the 2X part, as the charter stated. We shall try our best to mitigate unintentional chain split. Yet if some malicious guys try to split the chain intentionally, we do not have the obligation to encourage them. They shall take the risk themselves. And Bitcoin will move forward. |
Don't worry, that bug was later fixed to instead follow the most-work chain. |
|
@kek-coin If you see Bitcoin as a bug, you can fork anytime. What stopped you? Let me guess what you altcoin will base on, maybe most-censorship chain? Most-lies chain is even better, lol |
Read the code, it's more clear, it's most work valid chain.
Reorg protection is something that protects both sides. Without this if the economy favors the original chain the 2X chain would be wiped out for SPV wallets. |
|
@jli225 Thank you for trying to interpret my words, unfortunately it seems you have failed to grok. I do not see Bitcoin as a bug, I was merely pointing out that the bug of using the longest valid chain rather than the most-work valid chain was already fixed a long time ago. Quoting bugs in the whitepaper does not strengthen your point (and neither does 👍ing your own comments). |
|
@kek-coin You have no clue how Bitcoin works. Go to read Bitcoin Paper and the talk of early Bitcoiners before you spam those ridiculous misinformation. If you see the work following consensus as 'invalid work', you can fork to your most-trolls altcoin anytime and create your own consensus and 'valid work'. 😊 |
|
Assuming that the most important chain is the one that most trolls will be active on I have no problem with that idea. |
|
Two comments:
|
SPV wallets will need to be updated regardless(DNS seeds at a minimum), HF bit support is trivial for SPV wallet developers to support.
Then why is there wipeout protection at all, why leave SPV wallets vulnerable and not full nodes? Clearly there's a very realistic chance that the minority chain would not be the minority for long if it has more economic support. |
Forcing SPV wallets onto the 1MB branch unless they upgrade also makes users vulnerable to funds theft in some scenarios. The tradeoffs need to be understood or this discussion will simply go in circles forever. In the following I'm assuming that hashpower and % of bitcoin economy will converge to similar values over time (except in PoW-change scenarios), and I only cover standard SPV clients (using a trusted node would completely change the behaviour), and I assume the user only receives and cares about coins received on their local branch. Scenario 1: ~80% forever.The minority chain continues to exist without a POW hardfork. Scenario 2: ~20% forever.Block-size wipeout protection: Allows the fork to happen at all instead of constantly getting re-orged away. SPV wallets all end up on the majority chain instead. Scenario 3: ~80% -> ~20% steady state after a few months.Block-size wipeout protection: User receives coins on majority branch which then becomes the minority branch. Impact: Loss funds in value terms, requires manual intervention to actually access the coins (they're not actually gone, just hard to see from an SPV wallet). Scenario 3: ~20% -> ~80% steady state after a few months.Block-size wipeout protection: User receives coins on majority branch which then becomes the minority branch. Impact: Loss funds in value terms, requires manual intervention to actually access the coins (they're not actually gone, just hard to see from an SPV wallet). Scenario 4: ~80% -> 0 over some timescale (no PoW change)Block-size wipeout protection: Total loss of received funds. Scenario 5: ~80% -> 100% over some timescale (no PoW change)Block-size wipeout protection: Unaffected. Scenario 6: ~20% -> 0 over some timescale (no PoW change)Block-size wipeout protection: Unaffected. Scenario 7: ~20% -> 100% over some timescale (no PoW change)Block-size wipeout protection: Total loss of received funds. Scenarios 8, 9, 10, 11: Same as 4, 5, 6, 7 except a PoW change happens afterwardsReplace "Total loss of received funds" with "Requires wallet upgrade/new wallet to follow minority branch" instead. Scenario 12: Chaos (alternating most-work branches for an extended duration):Block-size wipeout protection: Will end up with coins on both sides, will need a subsequent wallet upgrade to manage them. So the main advantage of the HF-bit protection is the avoidance of chain switching behaviour and the associated technical headaches. The main advantage of Block-size wipeout protection is that the SPV client is always tracking funds from the "most likely to survive" branch (assuming that hashrate % positively correlates with survival chance, even weakly). Note that in no case does the user find themselves with lost coins in the block-size wipeout protection case but not in (one of the) HF-bit protection cases. Contrast with no wipeout protection at all which results in truly lost funds every time the >1MB chain stops being the most-work chain (and subsequently falls to 0 hashrate). So there's a big requirement to give mining nodes wipeout protection, but the benefits to other nodes are less critical (given that the 2 chains continue to exist). In addition, should we find ourselves in one of the scenarios where, in retrospect, the HF-bit protection would have been better (12, mostly) a retrospective handling of splits is pretty trivial to achieve by checkpointing. |
Has SPV wallets been tested with two chains running? |
| @@ -3001,6 +3003,13 @@ bool ContextualCheckBlockHeader(const CBlockHeader& block, CValidationState& sta | |||
| if (block.GetBlockTime() > nAdjustedTime + 2 * 60 * 60) | |||
| return state.Invalid(false, REJECT_INVALID, "time-too-new", "block timestamp too far in the future"); | |||
|
|
|||
| if (BIP102active(nHeight, fSegwitSeasoned)) { | |||
| if (block.nVersion & HARDFORK_VERSION_BIT) | |||
| return true; | |||
There was a problem hiding this comment.
This "return true" will re-enable block.nVersion < 4 for blocks after the HF, because that check is later . Is this really what you want?
There was a problem hiding this comment.
Shouldn't any block with block.nVersion < 4 fail the if (block.nVersion & HARDFORK_VERSION_BIT) check?
|
Closing - not needed |
This should make wipeout protection SPV compatible.